This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/4dbfLFgTwDYrqXnFB2f4xHMplQw.roa
File:                     4dbfLFgTwDYrqXnFB2f4xHMplQw.roa (raw, json)
Hash identifier:          qdee12QBSfwV430rgWvKnONQnxAQwUpDJUc9sSl89Tk=
Subject key identifier:   E1:D6:DF:2C:58:13:C0:36:2B:A9:79:C5:07:67:F8:C4:73:29:95:0C
Certificate issuer:       /CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
Certificate serial:       019B77C67055C3B934E948B505703BE7159B
Authority key identifier: EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/4dbfLFgTwDYrqXnFB2f4xHMplQw.roa
Signing time:             Thu 01 Jan 2026 04:17:32 +0000
ROA not before:           Thu 01 Jan 2026 04:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202418
IP address blocks:        2a0d:2406:d00::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:70:55:c3:b9:34:e9:48:b5:05:70:3b:e7:15:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec4fb061a9426e4fb2885d822867572a1b58a4c0
        Validity
            Not Before: Jan  1 04:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e1d6df2c5813c0362ba979c50767f8c47329950c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ba:54:00:bc:1e:11:74:9f:76:47:1c:f7:bc:
                    1d:9c:de:17:25:f6:9f:c2:b2:7f:ee:eb:01:56:e8:
                    9a:90:8f:28:e9:bb:91:a4:38:58:c9:0b:64:c4:1c:
                    7c:33:64:f4:31:b8:e1:da:77:11:3b:bd:4e:7a:db:
                    98:98:2b:3f:db:1a:69:56:71:1a:65:b7:02:20:4f:
                    b2:ff:52:66:0e:2c:76:c5:e2:fd:e5:b1:cd:30:37:
                    ae:ed:29:5b:38:cb:03:2a:7b:16:6f:7e:56:7d:d3:
                    09:fa:2c:c0:11:e2:c4:6a:2c:35:1b:ba:6b:7f:93:
                    a5:b4:50:ca:60:e1:93:fa:78:21:06:dd:a6:b7:ad:
                    c2:eb:14:cd:5a:59:56:f4:60:27:a0:9e:27:29:de:
                    19:1e:82:4a:05:88:40:b5:d2:d8:77:c1:4c:d1:88:
                    cb:31:28:71:3e:48:9b:b3:7c:a3:b8:9d:f0:14:22:
                    32:3f:7f:17:4a:70:a3:6a:7c:ff:cd:91:de:79:b7:
                    e6:29:19:f9:3b:bf:4d:2c:9b:95:a5:c1:e6:b1:e8:
                    dc:40:11:60:fe:1d:e1:dc:4e:f9:73:e8:21:e6:34:
                    2a:11:ca:11:e8:4e:3d:30:99:7f:41:19:8c:bb:e0:
                    f3:00:97:c3:14:d0:32:d4:d3:28:11:b9:54:2b:23:
                    af:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:D6:DF:2C:58:13:C0:36:2B:A9:79:C5:07:67:F8:C4:73:29:95:0C
            X509v3 Authority Key Identifier:
                keyid:EC:4F:B0:61:A9:42:6E:4F:B2:88:5D:82:28:67:57:2A:1B:58:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7E-wYalCbk-yiF2CKGdXKhtYpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/4dbfLFgTwDYrqXnFB2f4xHMplQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7bc3ab-d9b6-4ae4-bcd1-ce57150695a9/1/7E-wYalCbk-yiF2CKGdXKhtYpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2406:d00::/44

    Signature Algorithm: sha256WithRSAEncryption
         60:19:c1:ae:c0:75:58:42:44:4b:98:77:92:61:a5:a7:51:a8:
         5a:a3:2d:17:a5:1a:05:76:94:79:88:0c:cb:d6:f0:19:f3:b7:
         77:2e:fa:91:e3:76:24:09:62:f8:20:f8:a8:42:6b:10:b2:e5:
         a0:77:51:8b:5c:ea:77:42:07:d3:a2:9a:4e:e6:a9:85:5c:32:
         eb:6c:b1:61:ee:cb:22:d7:1e:65:90:cd:db:64:39:b6:65:82:
         00:c7:16:83:08:fa:1b:4d:12:f6:b8:03:66:a9:27:f0:20:f4:
         8f:93:05:89:96:32:21:f1:9a:f1:22:4c:55:68:4c:2e:fe:77:
         4e:be:88:d3:10:dd:3c:84:73:bf:a5:68:f5:cd:70:1c:6a:ec:
         5f:ff:32:07:db:44:b2:83:24:2c:82:2b:ce:27:23:16:a0:35:
         94:05:41:49:9f:63:f2:dd:9c:71:4f:d5:7f:03:f3:84:46:31:
         d0:00:3f:f7:f8:f0:e2:58:34:e9:21:df:c8:c1:e2:5a:80:64:
         5d:e7:3a:d9:b7:f5:17:83:70:d8:5f:a8:b2:67:42:09:78:e4:
         ae:af:49:9c:83:b9:b7:6f:23:7a:74:9a:27:72:db:73:b9:78:
         15:43:e3:24:52:e7:8d:f6:3d:0a:83:5d:8d:48:cf:43:a7:30:
         91:54:df:31
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3xnBVw7k06Ui1BXA75xWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNGZiMDYxYTk0MjZlNGZiMjg4NWQ4MjI4Njc1NzJhMWI1
OGE0YzAwHhcNMjYwMTAxMDQxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWQ2ZGYyYzU4MTNjMDM2MmJhOTc5YzUwNzY3ZjhjNDczMjk5NTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbpUALweEXSfdkcc97wdnN4XJfaf
wrJ/7usBVuiakI8o6buRpDhYyQtkxBx8M2T0Mbjh2ncRO71OetuYmCs/2xppVnEa
ZbcCIE+y/1JmDix2xeL95bHNMDeu7SlbOMsDKnsWb35WfdMJ+izAEeLEaiw1G7pr
f5OltFDKYOGT+nghBt2mt63C6xTNWllW9GAnoJ4nKd4ZHoJKBYhAtdLYd8FM0YjL
MShxPkibs3yjuJ3wFCIyP38XSnCjanz/zZHeebfmKRn5O79NLJuVpcHmsejcQBFg
/h3h3E75c+gh5jQqEcoR6E49MJl/QRmMu+DzAJfDFNAy1NMoEblUKyOvtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOHW3yxYE8A2K6l5xQdn+MRzKZUMMB8GA1UdIwQY
MBaAFOxPsGGpQm5PsohdgihnVyobWKTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEt
Y2U1NzE1MDY5NWE5LzEvNGRiZkxGZ1R3RFlycVhuRkIyZjR4SE1wbFF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83YmMzYWItZDliNi00YWU0LWJjZDEtY2U1NzE1MDY5NWE5
LzEvN0Utd1lhbENiay15aUYyQ0tHZFhLaHRZcE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg0kBg0A
MA0GCSqGSIb3DQEBCwUAA4IBAQBgGcGuwHVYQkRLmHeSYaWnUahaoy0XpRoFdpR5
iAzL1vAZ87d3LvqR43YkCWL4IPioQmsQsuWgd1GLXOp3QgfToppO5qmFXDLrbLFh
7ssi1x5lkM3bZDm2ZYIAxxaDCPobTRL2uANmqSfwIPSPkwWJljIh8ZrxIkxVaEwu
/ndOvojTEN08hHO/pWj1zXAcauxf/zIH20SygyQsgivOJyMWoDWUBUFJn2Py3Zxx
T9V/A/OERjHQAD/3+PDiWDTpId/IweJagGRd5zrZt/UXg3DYX6iyZ0IJeOSur0mc
g7m3byN6dJoncttzuXgVQ+MkUueN9j0Kg12NSM9DpzCRVN8x
-----END CERTIFICATE-----